This is nothing new, mind you - after all, many users see Facebook as a possibility to make new friends - but it is worth noting that simply friending someone you know nothing about can result in identity theft.

Here's how Sophos conducted their research:

'Sophos created two fictitious users with names based on anagrams of the words 'false identity' and 'stolen identity.' 21-year-old 'Daisy Felettin' was represented by a picture of a toy rubber duck bought at a $2 shop; 56-year-old 'Dinette Stonily' posted a profile picture of two cats lying on a rug. Each sent out 100 friend requests to randomly-chosen Facebook users in their age-group.

Within two weeks, a total of 95 strangers chose to become friends with Daisy or Dinette - an even higher response rate then when Sophos first performed the experiment two years ago with a plastic frog. Worse still, in the latest study, eight Facebookers befriended Dinette without even being asked.'

At Sophos, they call it the 'rubber duck attack.' The moniker is silly on purpose, as it shows how you can gather someone's personal info without any technical expertise, simply by working within the social network's rules.

It's important to point out that Facebook gives very extensive privacy options for every profile; you can read the details on how to protect your data in our Facebook privacy primer. While there's nothing wrong with being friendly, even with strangers, Facebook users need to understand that this friendliness can cost them, and the price of identity theft can be very high.

Check out a video showing how the 'rubber duck' tactic can be used for identity theft at Mashable.